File: README.md

package info
resolvconf-admin 0.3-1
  • area: main
  • in suites: bookworm, bullseye, buster, sid, trixie
  • size: 128 kB
  • sloc: ansic: 337; sh: 41; makefile: 35
resolvconf-admin
================

`resolvconf-admin` is a setuid helper program for tools that need to
be able to set up the local DNS resolver configuration.

This program deals with setting the local DNS resolver configuration
(i.e. `/etc/resolv.conf`), which needs to be done as root on some
systems.  One example use case is to run a DHCP client without giving
that DHCP client full superuser privileges.

Theory of Operation
-------------------

If `/sbin/resolvconf` is present and executable, it is invoked as root
with the specified configuration.  If `/sbin/resolvconf` is not
present (or is present but not executable), then `/etc/resolv.conf` is
updated directly.

WARNING!!!
----------

A better approach for setting up the DNS in a non-privileged way is to
make an authenticated IPC call to some [running daemon that already
manages
`/etc/resolv.conf`](https://www.freedesktop.org/wiki/Software/systemd/resolved/).
However, some systems do not run such a daemon, so we offer this
setuid approach instead, for those limited systems only.

This setuid program *should not* be installed on systems that already
run such a daemon, because every setuid program increases the attack
surface of the operating system.

*DO NOT INSTALL THIS TOOL IF YOU HAVE BETTER OPTIONS AVAILABLE TO YOU!*

Installation
------------

It should probably be installed as `/usr/bin/resolvconf-admin`,
something like this:

    getent group resolvconf-admins >/dev/null || addgroup --system resolvconf-admins
    chown root:resolvconf-admins /usr/bin/resolvconf-admin
    chmod 4754 /usr/bin/resolvconf-admin

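Mode `4754` makes the binary setuid root and executable only by root
and members of `resolvconf-admins`; other users can read it but not
run it.  Then make sure the user that you care about has access by
adding them to this group: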

    adduser my-nonpriv-dhcp-daemon resolvconf-admins
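
One way to verify the result of the installation steps above, as an added example that is not part of the original README or the project's own code. The function names `mode_ok` and `audit_helper` are hypothetical, and the script assumes GNU `stat` as shipped on Debian:

```shell
#!/bin/sh
# Added example: audit a setuid helper installed as described above.
# Assumes GNU stat (coreutils), as shipped on Debian.

# mode_ok MODE: succeed only if the octal MODE has the setuid bit set,
# is not executable by "other", and is not writable by group or other.
# Returns 2 if MODE is not an octal string.
mode_ok() {
    case "$1" in ''|*[!0-7]*) return 2 ;; esac
    m=$((0$1))                              # leading 0 = octal constant
    [ $((m & 04000)) -ne 0 ] || return 1    # setuid must be set
    [ $((m & 00001)) -eq 0 ] || return 1    # "other" must not execute
    [ $((m & 00022)) -eq 0 ] || return 1    # no group/other write
    return 0
}

# audit_helper PATH GROUP: print each deviation, return 0 only if clean.
audit_helper() {
    path=$1 group=$2 rc=0
    info=$(stat -c '%a %U %G' "$path") || return 2
    set -- $info                            # -> mode owner group
    mode_ok "$1" || { echo "FAIL: mode $1 is not 4754 or stricter"; rc=1; }
    [ "$2" = root ] || { echo "FAIL: owner $2 (expected root)"; rc=1; }
    [ "$3" = "$group" ] || { echo "FAIL: group $3 (expected $group)"; rc=1; }
    # Every account listed here can change the system resolver as root.
    echo "members of $group: $(getent group "$group" | cut -d: -f4)"
    return $rc
}

# Usage: sh audit.sh /usr/bin/resolvconf-admin [GROUP]
[ "$#" -eq 0 ] || audit_helper "$1" "${2:-resolvconf-admins}"
```

The member list shows only accounts added to the group explicitly; an account whose primary group is `resolvconf-admins` can also run the helper and will not appear there.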

Usage
-----

When the non-privileged user wants to set local DNS resolvers due to
information it learned from interface NETIF, it should invoke:

    resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

Note that DNS search path and domain name are optional.  However, at
least one nameserver is required.

When the non-privileged user wants to tear down the DNS resolver
information that it had previously set for interface NETIF, it should
invoke:

    resolvconf-admin del NETIF